Professional Documents
Culture Documents
Lemma
Counting. Let F := Func(n, n), the set of all functions f : {0, 1}n → {0, 1}n.
And let P := Perm(n, n), the set of all permutations f : {0, 1}n → {0, 1}n. It is
n
easy to see that |F | = 2n2 and |P| = 2n !. Now, for any distinct ai ’s and any
distinct zi ’s, the number of functions f such that f (a1 ) = z1 , · · · , f (aq ) = zq
n
is exactly 2n(2 −q) because, the outputs of q elements are fixed and the rest
(2n − q) many outputs can be chosen in (2n )(2 −q) many ways. Similarly, for
n
any distinct ai ’s and any distinct zi ’s, the number of permutations f such that
f (a1 ) = z1 , · · · , f (aq ) = zq is exactly (2n −q)!. Thus, Pru [u(a1 ) = z1 , · · · , u(aq ) =
1
zq ] = 2nq where u is the uniform random function on F (an uniform ran-
dom variable taking values on F ). And Prπ [π(a1 ) = z1 , · · · , π(aq ) = zq ] =
1 1 1
2n × 2n −1 · · · 2n −q+1 where π is the uniform random permutation on P (an uni-
form random variable taking values on P).
q(q − 1)
|Pr[Au = 1] − Pr[Aπ = 1]| ≤ ,
2n+1
where u is the uniform random function on F and π is the uniform random
permutation on P.
Proof. Our proof is based on the strong interpolation theorem. The organization
of our proof is as follows. First, we define a set of good views Vgood and give
a lower bound of Pr[vF = v] for all v ∈ Vgood , where F is u. And we give an
upper bound of Pr[vttG = v] for all v ∈ Vgood , where G is π. Then, we compute
ε and ε′ such that for all v ∈ Vgood , Pr[vF = v] ≥ (1 − ε) × Pr[vG = v] and
Pr[vG ∈ Vgood ] ≥ 1 − ε′ . Finally, based on Theorem 1 (strong interpolation the-
orem), we conclude that |Pr[Au = 1] − Pr[Aπ = 1]| ≤ ε′ + ε.
References
1. D. J. Bernstein. A short proof of the unpredictability of cipher block chaining.
http://cr.yp.to/antiforgery/easycbc-20050109.pdf , 2005.
2. M. Bellare and P. Rogaway, Code-Based Game-Playing Proofs and the Security of
Triple Encryption, Advances in Cryptology - Eurocrypt’06, LNCS 4004, Springer-
Verlag, pp. 409-426, 2006.
3. D. Chang and M. Nandi, Improved Indifferentiability security analysis of chopMD
Hash Function, Appears in FSE’08.